<?php
//	  PHPcongrats - Holiday and Birthday Mailer
//	
//    Copyright (C) 2011  Matthias Nass
//
//    This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.
//
//    This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
//
//    You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>.


session_start();
include './DBconnect.php';
include './hash.php';
if (isset($_POST['username']) && isset($_POST['password'])){
	//login process here for now logged in eveyone
	$query = "SELECT password FROM users WHERE username='".mysql_real_escape_string($_POST['username'])."';";
	$result = mysql_db_query($database, $query,$link);
	$result_row = mysql_fetch_row($result);
	mysql_close($link);
	if ($result_row[0] == saltTheHash($_POST['password'], $result_row[0])){
		$_SESSION['username'] = $_POST['username'];
		$_SESSION['loggedin'] = true;
		if($_SESSION['last_location'] == ""){
			$location_to_jump = "Location: http:./index.php";
			header( $location_to_jump );
		}else{
			$location_to_jump = "Location: http:".$_SESSION['last_location']."";
			header( $location_to_jump );
		}
	}else{
		$message = "Entweder ihr Benutzername oder ihr Passwort ist falsch";
	}

}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML>
<HEAD>
<title>Anmelden</title>
<link rel="stylesheet" type="text/css" href="./styles.css">
</HEAD>
<body>
	<h2>PHPcongrats <img src='./icons/rosette.png' alt='Rosette'/></h2>
	<h1>Anmelden</h1>
	<p class="message">
	<?php echo $message?>
	</p>
	<form action="./login.php" method="post">
		<input type="text" name="username"> Benutzername <br>
		<input type="password" name="password"> Passwort <br>
		<input type="submit" name="submit" />
	</form>
</body>
</HTML>
